1 2 Sendmail Processes 3 4As of sendmail 8.12, in order to improve security, the sendmail binary no 5longer needs to be set-user-ID root. Instead, a set-group-ID binary 6accepts command line mail and relays it to a full mail transfer agent via 7SMTP. A group writable client mail queue (/var/spool/clientmqueue/ by 8default) holds the mail if an MTA can not be contacted. 9 10To accomplish this, under the default setup, an MTA must be listening on 11localhost port 25. If the rc.conf sendmail_enable option is set to "NO", 12a sendmail daemon will still be started and bound only to the localhost 13interface in order to accept command line submitted mail (note that this 14does not work inside jail(2) systems as jails do not allow binding to 15just the localhost interface). If this is not a desirable solution, it 16can be disabled using the sendmail_submit_enable rc.conf option. However, 17if both sendmail_enable and sendmail_submit_enable are set to "NO", you 18must do one of two things for command line submitted mail: 19 201. Designate an alternative host for the submission agent to contact 21 by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC 22 in /etc/make.conf to an alternate .mc file) and using 23 'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line 24 to FEATURE(msp, hostname) where hostname is the fully qualified hostname 25 of the alternative host. 26 27Or: 28 292. Return to using a set-user-ID root sendmail binary by changing the 30 ownership and permissions on the sendmail binary and removing the 31 /etc/mail/submit.cf file: 32 chown root /usr/libexec/sendmail/sendmail 33 chmod 4755 /usr/libexec/sendmail/sendmail 34 rm /etc/mail/submit.cf 35 If you install from source, set the SENDMAIL_SET_USER_ID flag in 36 /etc/make.conf. 37 38Also, as of 8.12, a new queue-running daemon is started to make sure mail 39doesn't remain in the client mail queue. By default, it simply runs the 40client mail queue every 30 minutes. Its behavior can be adjusted by setting 41the sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options. 42 43 44 Filtering out SPAM from your site 45 46Sendmail now includes excellent tools to block spam. These tools are 47available as FEATUREs that you can add to your site's .mc file. Proper use 48of these FEATUREs will prevent spammer from using your site as a relay as 49well as significantly decrease the amount of spam that arrives at your 50site. No set of anti-spam tools will block all spam without blocking some 51portion of legitimate mail as well. Therefore, these FEATUREs are designed 52to prevent as much spam as possible without blocking legitimate mail. 53 54These tools are discussed in /usr/share/sendmail/cf/README. Read the 55section entitled "ANTI-SPAM CONFIGURATION CONTROL". Example usage and 56additional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc. 57 58